Sharing port 80?

I've worked for several employers who block outgoing connections that use common ports such as ssh, telnet, rdp, and others. When this happens, I have to change my home router configuration to map external port 80 to whichever internal port number I need to get to on my home network.

The problem is, I have several services I need to get to running on the home network and they can't all use port 80, can they? Does anyone know of a way I can configure Tomato to share port 80 or some other solution I haven't thought of? Thanks a lot.

I don't think what you say would work; companies use firewalls and these are easily able to detect services running on wrong ports, e.g. DNS running on port 80.
The way I personally work around this is to have a commercial product called "remotelyanywhere" (not too expensive) running on one of my LAN PCs and mapped to port 443 of my router (I use a different port for the Tomato admin, btw).
This way you can connect to your router:443 via a normal browser and achieve full remote administration. Once you're on the remote desktop you can do anything you like. SSL is considered safe by most companies and is pretty much always enabled via the corporate firewalls.

I don't think what you say would work; companies use firewalls and these are easily able to detect services running on wrong ports, e.g. DNS running on port 80.

That has not been my experience. I've been doing it this way for over 5 years now. I run everything that way when I need to, rdp, ssh, ftp, and more. It's getting to be a pain though - switching port 80 to the right internal port. If possible, I'd like to find a solution that involves manipulating Tomato's configuration.

I'm really surprised this has worked in the past. All the companies I worked for in the past have internet access granted only via HTTP proxy, which means the application must talk http/s or the proxy would not understand.
A different matter would be if you try to redirect e.g. http/s traffic only to a pool of LAN web servers, as using a reverse proxy you could take advantage of the host-headers functionality to redirect the same port to different LAN IPs.
The only other thing I can think of in your scenario (if they really allow any traffic via the firewall!) would be to have a pptp or openvpn connection from your laptop to your router and do anything you need that way. Mind you though: most companies see this as hacking and they might not be ok with that!

Thanks for the recommendations. I'm thinking I'll go with sslh, ssh, or vpn through 443. Of these, which would be the best balance between easiest to set up, performance, and least likely to raise flags with netadmins?

VPN is ultimately more versatile, ssh doesn't require anything extra on the router and is a "lighter" install on the client, never used sslh, but looks like it would have the advantage of potentially no additional client side install.

If I don't routinely need full-blown LAN access, I usually just use ssh w/tunnels. Often even in situations where VPN is already set up and running.

I'm at work and I want to establish an rdp connection to pc-1 at home, and another rdp connection to pc-2 at home. From work, I have to go out through port 443 (or 80). How do I set that up? I've used Putty before. Thx

Use port 443 for SSH on the router so it will look like an https connection.

Create a tunnel in Putty to forward local port 3389 to port 3389 on the LAN IP of your desired target at home.

Open an rdp connection to 127.0.0.2 and you'll be connected.

Here's a slightly different take that should also work. I would avoid using port 22 for SSH on your home router because a) many companies block everything except 80 and 443 and b) it will be an instant flag to a half-alert IT admin that you are doing something nonstandard. Seeing encrypted traffic on port 443 won't raise any eyebrows.

It should work fine. Ssh remote port in tomato gui would be 443. If you can establish an ssh connection on 443, then follow the above steps for PC1. Once PC1 works, set up another tunnel using another "Source Port" say 13389 and pointing to PC2IP:3389 for "Destination", and point Remote Desktop Connection to "127.0.0.1:13389" when you want to connect to PC2.
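For the network-defender side of the disagreement in this thread (whether a firewall can tell that port 80 or 443 is carrying some other protocol), the following is an added example, not code from any poster: a check that compares the first bytes each side sends on a connection against the protocol the port is supposed to carry. The flow tuples, addresses and banner strings are constructed sample data, and the function names are hypothetical.

```python
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT", b"PATCH"}
EXPECTED = {80: "http", 443: "tls"}  # protocol each port is supposed to carry

def classify(payload: bytes) -> str:
    """Label the first bytes one side sent on a new TCP connection."""
    if payload.startswith(b"SSH-"):             # RFC 4253 identification string
        return "ssh"
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[5] in (0x01, 0x02)):     # TLS handshake record, Client/ServerHello
        return "tls"
    if payload.startswith(b"HTTP/") or payload.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"

def find_mismatches(flows):
    """Return (client, server, port, seen) for flows whose payload is not the port's protocol."""
    alerts = []
    for client, server, port, c2s, s2c in flows:
        want = EXPECTED.get(port)
        if want is None:
            continue                             # port not covered by this policy
        seen = {classify(p) for p in (c2s, s2c) if p}
        if seen - {want}:
            alerts.append((client, server, port, sorted(seen)))
    return alerts

# Constructed sample flows: (client, server, dst port, first client bytes, first server bytes)
SAMPLE_FLOWS = [
    # ordinary HTTPS: TLS ClientHello answered by a ServerHello
    ("10.0.0.15", "198.51.100.7", 443,
     bytes.fromhex("160301002e010000"), bytes.fromhex("160303003a020000")),
    # SSH listening on 443: both sides open with an SSH identification string
    ("10.0.0.23", "203.0.113.9", 443,
     b"SSH-2.0-ExampleClient\r\n", b"SSH-2.0-ExampleServer\r\n"),
    # binary (non-HTTP) protocol sent to port 80
    ("10.0.0.23", "203.0.113.9", 80,
     bytes.fromhex("030000130ee000000000000100080003000000"), b""),
    # ordinary HTTP
    ("10.0.0.31", "198.51.100.7", 80,
     b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n", b"HTTP/1.1 200 OK\r\n"),
]

if __name__ == "__main__":
    for alert in find_mismatches(SAMPLE_FLOWS):
        print("protocol/port mismatch:", alert)
```

A session that really is carried inside TLS, such as the browser-based remote administration on 443 described earlier in the thread, classifies as "tls" here, so this check only catches protocols sent bare on the wrong port.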